Use Sandboxie and DropMyRights together ?

No, not for you. I quoted user blasev.

 

You're welcome.

I think the site says either Sandboxie or DropMyRights, not both together.

Here's a good deal: -http://ssj100.fullsubject.com/t247-sandboxie-promotion-deal-discounted-one-year-license-

Yes, at least in my opinion.

 

Reading the article mentioned in the OP, I don't think the article's author ever implied both should be used together. It seems to be presented as an "either or" to me. He does appear not to have been aware that Sandboxie had a drop my rights function or chose not to complicate things by mentioning it.

The Sandboxie nag screen will appear after 30 days, I believe.

--edit--
J_L had the same thought as me...

 

@ J_L ... Before taking any more bows, Sully pointed this out to the OP in the 2nd post.

 

I disagree, though it may not matter what the author was or was not aware of. However, when gizmo cites "B. Running your browser with reduced privileges using Sandboxie", that to me is a direct reference to Drop Rights.

 

I'm not so sure. If it was a direct reference to Drop Rights within Sandboxie, he'd have had to mention it in the article, as (correct me if I'm wrong) the setting is an option and isn't set by default. He may have just been using the title to match the title of the other option.

 

I agree that the author could have made it all clearer.
Thing is, he could have just said, "Running your browser using Sandboxie".
But he didn't. He inserted the words "with reduced privileges", which to me is specifying how to run it... with reduced privileges... which to me means "with Drop Rights".
Only Gizmo knows for sure.

Edit in: Well, I went to the source. I asked Gizmo if he was referring to Drop Rights in that article. His response? "I believe that Sandboxie feature has been added since the review was originally written." So my conclusion is that he was referring to Drop Rights, but he didn't know he was. Joking aside, looks like sbseven had it right.

 

Nice one.

 

This really isn't as complicated as it seems.

A security token gives the rights that may happen, whether they be admin rights or more restricted user rights.

DropMyRights simply creates a process with only user rights in the token. Nothing magical.

If you use DMR on a process that also is run in a sanbox, then the process does not realize the restrictions within the sandbox, only outside of the sandbox. If you trust SBIE 100% to never fail, then it is a useless feature. If you like the idea of have a 'failsafe' if SBIE is ever somehow overcome, then it can be of use.

The DropRights option that SBIE uses essentially does the same thing DMR does, it strips the token of admin rights, leaving the rights of a standard user. This is so that you can have the same effect in the sandbox that you would in the real environment.

There should not be a concern over whether one is better than the other, or whether one is all you need, because they are not the same. Understanding what a token is, understanding what rights are, they appear to be one and the same. Because they are in different environments however, they are independent of each other, and therefore not the same, at least in terms of what will effect what.

Sul.